(Editor's note: In this guest post, Aaron Rhodes, senior security consultant at mobile security firm Neohapsis offers tips for company owners embracing the Bring Your Own Device to work craze.)

A recent Forrester research report* states that 129 million people will have purchased their own smartphones for work use in 2013. But it's important to consider the business risks. A mobile security strategy is vital. It's good for data protection, but it's also great for business.

Here are the five necessary steps to take when developing corporate mobile security policies:

Set a strategy: Start mobile initiatives with a fully fleshed-out out plan; your strategy should take a holistic view of security with an overarching security framework. Inventory the types of data your mobile workforce accesses on phones and tablets, and treat smart phone and device security just like you would internal systems on the network.

Plan well: Set a specific timeline, with goals and milestones along the way. Put aside time for research, too. If you're getting new products such as MDM/MAM (Mobile Device/Application Management) systems, consider which is the easiest to integrate with your current IT architecture.

Establish policy: Creating and administering guidelines will help prevent confusion about how company data and email can be used on mobile devices, and this in turn will encourage users to exercise caution. More importantly, if there's a problem, they can't claim ignorance..

Train: Most people simply aren't aware that their actions on mobile devices (company-owned or not) can have dire consequences for the entire organization. Teaching your employees about the risks and how to mitigate them can help avoid catastrophe.

Comply: Keep compliance requirements in mind when deciding company policy. Remember, all company data housed on mobile devices is subject to the same regulatory mandates as other IT systems.